Vulnerabilities > CVE-2016-2383

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
linux
canonical
opensuse
nessus

Summary

The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.

Vulnerable Configurations

Part Description Count
OS
Linux
2764
OS
Canonical
2
OS
Opensuse
1

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1472.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The hid_input_field() function in
    last seen2020-03-19
    modified2019-05-13
    plugin id124796
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124796
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1472)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124796);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2013-2892",
        "CVE-2014-2568",
        "CVE-2014-7843",
        "CVE-2014-9420",
        "CVE-2014-9529",
        "CVE-2014-9730",
        "CVE-2016-2070",
        "CVE-2016-2383",
        "CVE-2016-3134",
        "CVE-2016-4568",
        "CVE-2016-6327",
        "CVE-2016-7915",
        "CVE-2016-9754",
        "CVE-2017-16525",
        "CVE-2017-18079",
        "CVE-2017-18204",
        "CVE-2017-7261",
        "CVE-2017-9605",
        "CVE-2018-1094",
        "CVE-2018-16276"
      );
      script_bugtraq_id(
        62049,
        66348,
        71082,
        71717,
        71880,
        74964
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1472)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - The hid_input_field() function in
        'drivers/hid/hid-core.c' in the Linux kernel before 4.6
        allows physically proximate attackers to obtain
        sensitive information from kernel memory or cause a
        denial of service (out-of-bounds read) by connecting a
        device.(CVE-2016-7915i1/4%0
    
      - The Linux kernel, before version 4.14.2, is vulnerable
        to a deadlock caused by
        fs/ocfs2/file.c:ocfs2_setattr(), as the function does
        not wait for DIO requests before locking the inode.
        This can be exploited by local users to cause a
        subsequent denial of service.(CVE-2017-18204i1/4%0
    
      - The vmw_gb_surface_define_ioctl function (accessible
        via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in
        drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux
        kernel through 4.11.4 defines a backup_handle variable
        but does not give it an initial value. If one attempts
        to create a GB surface, with a previously allocated DMA
        buffer to be used as a backup buffer, the backup_handle
        variable does not get written to and is then later
        returned to user space, allowing local users to obtain
        sensitive information from uninitialized kernel memory
        via a crafted ioctl call.(CVE-2017-9605i1/4%0
    
      - Use-after-free vulnerability in the nfqnl_zcopy
        function in net/netfilter/nfnetlink_queue_core.c in the
        Linux kernel through 3.13.6 allows attackers to obtain
        sensitive information from kernel memory by leveraging
        the absence of a certain orphaning operation. NOTE: the
        affected code was moved to the skb_zerocopy function in
        net/core/skbuff.c before the vulnerability was
        announced.(CVE-2014-2568i1/4%0
    
      - It was found that the Linux kernel's ISO file system
        implementation did not correctly limit the traversal of
        Rock Ridge extension Continuation Entries (CE). An
        attacker with physical access to the system could use
        this flaw to trigger an infinite loop in the kernel,
        resulting in a denial of service.(CVE-2014-9420i1/4%0
    
      - An integer overflow vulnerability was found in the
        ring_buffer_resize() calculations in which a privileged
        user can adjust the size of the ringbuffer message
        size. These calculations can create an issue where the
        kernel memory allocator will not allocate the correct
        count of pages yet expect them to be usable. This can
        lead to the ftrace() output to appear to corrupt kernel
        memory and possibly be used for privileged escalation
        or more likely kernel panic.(CVE-2016-9754i1/4%0
    
      - A symlink size validation was missing in Linux kernels
        built with UDF file system (CONFIG_UDF_FS) support,
        allowing the corruption of kernel memory. An attacker
        able to mount a corrupted/malicious UDF file system
        image could cause the kernel to crash.(CVE-2014-9730i1/4%0
    
      - In was found that in the Linux kernel, in
        vmw_surface_define_ioctl() function in
        'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file, a
        'num_sizes' parameter is assigned a user-controlled
        value which is not checked if it is zero. This is used
        in a call to kmalloc() and later leads to dereferencing
        ZERO_SIZE_PTR, which in turn leads to a GPF and
        possibly to a kernel panic.(CVE-2017-7261i1/4%0
    
      - A race condition flaw was found in the way the Linux
        kernel keys management subsystem performed key garbage
        collection. A local attacker could attempt accessing a
        key while it was being garbage collected, which would
        cause the system to crash.(CVE-2014-9529i1/4%0
    
      - A flaw was found in the Linux kernel's implementation
        of i8042 serial ports. An attacker could cause a kernel
        panic if they are able to add and remove devices as the
        module is loaded.(CVE-2017-18079i1/4%0
    
      - drivers/hid/hid-pl.c in the Human Interface Device
        (HID) subsystem in the Linux kernel through 3.11, when
        CONFIG_HID_PANTHERLORD is enabled, allows physically
        proximate attackers to cause a denial of service
        (heap-based out-of-bounds write) via a crafted
        device.(CVE-2013-2892i1/4%0
    
      - The __clear_user function in
        arch/arm64/lib/clear_user.S in the Linux kernel before
        3.17.4 on the ARM64 platform allows local users to
        cause a denial of service (system crash) by reading one
        byte beyond a /dev/zero page boundary.(CVE-2014-7843i1/4%0
    
      - A divide-by-zero vulnerability was found in a way the
        kernel processes TCP connections. The error can occur
        if a connection starts another cwnd reduction phase by
        setting tp-i1/4zprior_cwnd to the current cwnd (0) in
        tcp_init_cwnd_reduction(). A remote, unauthenticated
        attacker could use this flaw to crash the kernel
        (denial of service).(CVE-2016-2070i1/4%0
    
      - The adjust_branches function in kernel/bpf/verifier.c
        in the Linux kernel before 4.5 does not consider the
        delta in the backward-jump case, which allows local
        users to obtain sensitive information from kernel
        memory by creating a packet filter and then loading
        crafted BPF instructions.(CVE-2016-2383i1/4%0
    
      - System using the infiniband support module ib_srpt were
        vulnerable to a denial of service by system crash by a
        local attacker who is able to abort writes to a device
        using this initiator.(CVE-2016-6327i1/4%0
    
      - A security flaw was found in the Linux kernel in the
        mark_source_chains() function in
        'net/ipv4/netfilter/ip_tables.c'. It is possible for a
        user-supplied 'ipt_entry' structure to have a large
        'next_offset' field. This field is not bounds checked
        prior to writing to a counter value at the supplied
        offset.(CVE-2016-3134i1/4%0
    
      - An out-of-bounds access issue was discovered in
        yurex_read() in drivers/usb/misc/yurex.c in the Linux
        kernel. A local attacker could use user access
        read/writes with incorrect bounds checking in the yurex
        USB driver to crash the kernel or potentially escalate
        privileges.(CVE-2018-16276i1/4%0
    
      - drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux
        kernel before 4.5.3 allows local users to cause a
        denial of service (kernel memory write operation) or
        possibly have unspecified other impact via a crafted
        number of planes in a VIDIOC_DQBUF ioctl
        call.(CVE-2016-4568i1/4%0
    
      - The usb_serial_console_disconnect function in
        drivers/usb/serial/console.c in the Linux kernel,
        before 4.13.8, allows local users to cause a denial of
        service (use-after-free and system crash) or possibly
        have unspecified other impact via a crafted USB device,
        related to disconnection and failed
        setup.(CVE-2017-16525i1/4%0
    
      - The Linux kernel is vulnerable to a NULL pointer
        dereference in the ext4/xattr.c:ext4_xattr_inode_hash()
        function. An attacker could trick a legitimate user or
        a privileged attacker could exploit this to cause a
        NULL pointer dereference with a crafted ext4 image.
        (CVE-2018-1094)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1472
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?349d271e");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16276");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-4.19.28-1.2.117",
            "kernel-devel-4.19.28-1.2.117",
            "kernel-headers-4.19.28-1.2.117",
            "kernel-tools-4.19.28-1.2.117",
            "kernel-tools-libs-4.19.28-1.2.117",
            "kernel-tools-libs-devel-4.19.28-1.2.117",
            "perf-4.19.28-1.2.117",
            "python-perf-4.19.28-1.2.117"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2947-2.NASL
    descriptionRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id90403
    published2016-04-07
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90403
    titleUbuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-2947-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2947-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90403);
      script_version("2.11");
      script_cvs_date("Date: 2019/09/18 12:31:45");
    
      script_cve_id("CVE-2015-7833", "CVE-2015-8812", "CVE-2016-2085", "CVE-2016-2383", "CVE-2016-2550", "CVE-2016-2847");
      script_xref(name:"USN", value:"2947-2");
    
      script_name(english:"Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-2947-2)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Ralf Spenneberg discovered that the usbvision driver in the Linux
    kernel did not properly sanity check the interfaces and endpoints
    reported by the device. An attacker with physical access could cause a
    denial of service (system crash). (CVE-2015-7833)
    
    Venkatesh Pottem discovered a use-after-free vulnerability in the
    Linux kernel's CXGB3 driver. A local attacker could use this to cause
    a denial of service (system crash) or possibly execute arbitrary code.
    (CVE-2015-8812)
    
    Xiaofei Rex Guo discovered a timing side channel vulnerability in the
    Linux Extended Verification Module (EVM). An attacker could use this
    to affect system integrity. (CVE-2016-2085)
    
    It was discovered that the extended Berkeley Packet Filter (eBPF)
    implementation in the Linux kernel did not correctly compute branch
    offsets for backward jumps after ctx expansion. A local attacker could
    use this to cause a denial of service (system crash) or possibly
    execute arbitrary code. (CVE-2016-2383)
    
    David Herrmann discovered that the Linux kernel incorrectly accounted
    file descriptors to the original opener for in-flight file descriptors
    sent over a unix domain socket. A local attacker could use this to
    cause a denial of service (resource exhaustion). (CVE-2016-2550)
    
    It was discovered that the Linux kernel did not enforce limits on the
    amount of data allocated to buffer pipes. A local attacker could use
    this to cause a denial of service (resource exhaustion).
    (CVE-2016-2847).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2947-2/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-4.2-generic,
    linux-image-4.2-generic-lpae and / or linux-image-4.2-lowlatency
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2015-7833", "CVE-2015-8812", "CVE-2016-2085", "CVE-2016-2383", "CVE-2016-2550", "CVE-2016-2847");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2947-2");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.2.0-35-generic", pkgver:"4.2.0-35.40~14.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.2.0-35-generic-lpae", pkgver:"4.2.0-35.40~14.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.2.0-35-lowlatency", pkgver:"4.2.0-35.40~14.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.2-generic / linux-image-4.2-generic-lpae / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-9FBE2C258B.NASL
    descriptionIncremental update from 4.4.3-200 bringing in a few missed ARMv7 fixes ---- The 4.4.3 update contains a number of important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-07
    plugin id89702
    published2016-03-07
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89702
    titleFedora 22 : kernel-4.4.3-201.fc22 (2016-9fbe2c258b)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2016-9fbe2c258b.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89702);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-8812", "CVE-2016-0617", "CVE-2016-2383", "CVE-2016-2384");
      script_xref(name:"FEDORA", value:"2016-9fbe2c258b");
    
      script_name(english:"Fedora 22 : kernel-4.4.3-201.fc22 (2016-9fbe2c258b)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Incremental update from 4.4.3-200 bringing in a few missed ARMv7 fixes
    ---- The 4.4.3 update contains a number of important fixes across the
    tree
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1303532"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1305803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1308444"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1308452"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178403.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9559ab09"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC22", reference:"kernel-4.4.3-201.fc22")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2947-3.NASL
    descriptionRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id90404
    published2016-04-07
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90404
    titleUbuntu 15.10 : linux-raspi2 vulnerabilities (USN-2947-3)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2947-3. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90404);
      script_version("2.11");
      script_cvs_date("Date: 2019/09/18 12:31:45");
    
      script_cve_id("CVE-2015-7833", "CVE-2015-8812", "CVE-2016-2085", "CVE-2016-2383", "CVE-2016-2550", "CVE-2016-2847");
      script_xref(name:"USN", value:"2947-3");
    
      script_name(english:"Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-2947-3)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Ralf Spenneberg discovered that the usbvision driver in the Linux
    kernel did not properly sanity check the interfaces and endpoints
    reported by the device. An attacker with physical access could cause a
    denial of service (system crash). (CVE-2015-7833)
    
    Venkatesh Pottem discovered a use-after-free vulnerability in the
    Linux kernel's CXGB3 driver. A local attacker could use this to cause
    a denial of service (system crash) or possibly execute arbitrary code.
    (CVE-2015-8812)
    
    Xiaofei Rex Guo discovered a timing side channel vulnerability in the
    Linux Extended Verification Module (EVM). An attacker could use this
    to affect system integrity. (CVE-2016-2085)
    
    It was discovered that the extended Berkeley Packet Filter (eBPF)
    implementation in the Linux kernel did not correctly compute branch
    offsets for backward jumps after ctx expansion. A local attacker could
    use this to cause a denial of service (system crash) or possibly
    execute arbitrary code. (CVE-2016-2383)
    
    David Herrmann discovered that the Linux kernel incorrectly accounted
    file descriptors to the original opener for in-flight file descriptors
    sent over a unix domain socket. A local attacker could use this to
    cause a denial of service (resource exhaustion). (CVE-2016-2550)
    
    It was discovered that the Linux kernel did not enforce limits on the
    amount of data allocated to buffer pipes. A local attacker could use
    this to cause a denial of service (resource exhaustion).
    (CVE-2016-2847).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2947-3/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected linux-image-4.2-raspi2 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-raspi2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(15\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 15.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2015-7833", "CVE-2015-8812", "CVE-2016-2085", "CVE-2016-2383", "CVE-2016-2550", "CVE-2016-2847");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2947-3");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"15.10", pkgname:"linux-image-4.2.0-1028-raspi2", pkgver:"4.2.0-1028.36")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.2-raspi2");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-7E12AE5359.NASL
    descriptionThis is an incremental update over 4.4.2-300 which contains two fixes fix for AMD IOMMU warnings use after free in USB ---- The 4.4.2 update contains a number of important updates across the kernel tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-04
    plugin id89570
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89570
    titleFedora 23 : kernel-4.4.2-301.fc23 (2016-7e12ae5359)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2016-7e12ae5359.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89570);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-8812", "CVE-2016-0617", "CVE-2016-2383", "CVE-2016-2384");
      script_xref(name:"FEDORA", value:"2016-7e12ae5359");
    
      script_name(english:"Fedora 23 : kernel-4.4.2-301.fc23 (2016-7e12ae5359)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This is an incremental update over 4.4.2-300 which contains two fixes
    fix for AMD IOMMU warnings use after free in USB ---- The 4.4.2 update
    contains a number of important updates across the kernel tree.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1303532"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1305803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1308444"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1308452"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178056.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?61322666"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/02/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC23", reference:"kernel-4.4.2-301.fc23")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-E7162262B0.NASL
    descriptionUpdate to the latest upstream stable release, Linux v4.3.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-04
    plugin id89632
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89632
    titleFedora 22 : kernel-4.3.6-201.fc22 (2016-e7162262b0)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2016-e7162262b0.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89632);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-8812", "CVE-2016-0617", "CVE-2016-2383", "CVE-2016-2384");
      script_xref(name:"FEDORA", value:"2016-e7162262b0");
    
      script_name(english:"Fedora 22 : kernel-4.3.6-201.fc22 (2016-e7162262b0)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to the latest upstream stable release, Linux v4.3.6
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1303532"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1305803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1308444"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1308452"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178034.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cd61379d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/02/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC22", reference:"kernel-4.3.6-201.fc22")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-669.NASL
    descriptionWhen running as a Xen 64-bit PV guest, user mode processes not supposed to be able to access I/O ports may be granted such permission, potentially resulting in one or more of in-guest privilege escalation, guest crashes (Denial of Service), or in-guest information leaks. (CVE-2016-3157) In some cases, the kernel did not correctly fix backward jumps in a new eBPF program, which could allow arbitrary reads. (CVE-2016-2383) The kernel incorrectly accounted for the number of in-flight fds over a unix domain socket to the original opener of the file descriptor. Another process could arbitrarily deplete the original file opener
    last seen2020-06-01
    modified2020-06-02
    plugin id89966
    published2016-03-17
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89966
    titleAmazon Linux AMI : kernel (ALAS-2016-669)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2016-669.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89966);
      script_version("2.5");
      script_cvs_date("Date: 2018/04/18 15:09:35");
    
      script_cve_id("CVE-2016-2383", "CVE-2016-2550", "CVE-2016-2847", "CVE-2016-3157");
      script_xref(name:"ALAS", value:"2016-669");
    
      script_name(english:"Amazon Linux AMI : kernel (ALAS-2016-669)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "When running as a Xen 64-bit PV guest, user mode processes not
    supposed to be able to access I/O ports may be granted such
    permission, potentially resulting in one or more of in-guest privilege
    escalation, guest crashes (Denial of Service), or in-guest information
    leaks. (CVE-2016-3157)
    
    In some cases, the kernel did not correctly fix backward jumps in a
    new eBPF program, which could allow arbitrary reads. (CVE-2016-2383)
    
    The kernel incorrectly accounted for the number of in-flight fds over
    a unix domain socket to the original opener of the file descriptor.
    Another process could arbitrarily deplete the original file opener's
    maximum open files resource limit. (CVE-2016-2550)
    
    A resource-exhaustion vulnerability was found in the kernel, where an
    unprivileged process could allocate and accumulate far more file
    descriptors than the process' limit. A local, unauthenticated user
    could exploit this flaw by sending file descriptors over a Unix socket
    and then closing them to keep the process' fd count low, thereby
    creating kernel-memory or file-descriptors exhaustion (denial of
    service). (CVE-2016-2847)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2016-669.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update kernel' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"kernel-4.1.19-24.31.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-debuginfo-4.1.19-24.31.amzn1")) flag++;
    if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-4.1.19-24.31.amzn1")) flag++;
    if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.1.19-24.31.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-devel-4.1.19-24.31.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-doc-4.1.19-24.31.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-headers-4.1.19-24.31.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-4.1.19-24.31.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-4.1.19-24.31.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-devel-4.1.19-24.31.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perf-4.1.19-24.31.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perf-debuginfo-4.1.19-24.31.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2947-1.NASL
    descriptionRalf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id90402
    published2016-04-07
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90402
    titleUbuntu 15.10 : linux vulnerabilities (USN-2947-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2947-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90402);
      script_version("2.11");
      script_cvs_date("Date: 2019/09/18 12:31:45");
    
      script_cve_id("CVE-2015-7833", "CVE-2015-8812", "CVE-2016-2085", "CVE-2016-2383", "CVE-2016-2550", "CVE-2016-2847");
      script_xref(name:"USN", value:"2947-1");
    
      script_name(english:"Ubuntu 15.10 : linux vulnerabilities (USN-2947-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Ralf Spenneberg discovered that the usbvision driver in the Linux
    kernel did not properly sanity check the interfaces and endpoints
    reported by the device. An attacker with physical access could cause a
    denial of service (system crash). (CVE-2015-7833)
    
    Venkatesh Pottem discovered a use-after-free vulnerability in the
    Linux kernel's CXGB3 driver. A local attacker could use this to cause
    a denial of service (system crash) or possibly execute arbitrary code.
    (CVE-2015-8812)
    
    Xiaofei Rex Guo discovered a timing side channel vulnerability in the
    Linux Extended Verification Module (EVM). An attacker could use this
    to affect system integrity. (CVE-2016-2085)
    
    It was discovered that the extended Berkeley Packet Filter (eBPF)
    implementation in the Linux kernel did not correctly compute branch
    offsets for backward jumps after ctx expansion. A local attacker could
    use this to cause a denial of service (system crash) or possibly
    execute arbitrary code. (CVE-2016-2383)
    
    David Herrmann discovered that the Linux kernel incorrectly accounted
    file descriptors to the original opener for in-flight file descriptors
    sent over a unix domain socket. A local attacker could use this to
    cause a denial of service (resource exhaustion). (CVE-2016-2550)
    
    It was discovered that the Linux kernel did not enforce limits on the
    amount of data allocated to buffer pipes. A local attacker could use
    this to cause a denial of service (resource exhaustion).
    (CVE-2016-2847).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2947-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-4.2-generic,
    linux-image-4.2-generic-lpae and / or linux-image-4.2-lowlatency
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(15\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 15.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2015-7833", "CVE-2015-8812", "CVE-2016-2085", "CVE-2016-2383", "CVE-2016-2550", "CVE-2016-2847");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2947-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"15.10", pkgname:"linux-image-4.2.0-35-generic", pkgver:"4.2.0-35.40")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"linux-image-4.2.0-35-generic-lpae", pkgver:"4.2.0-35.40")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"linux-image-4.2.0-35-lowlatency", pkgver:"4.2.0-35.40")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.2-generic / linux-image-4.2-generic-lpae / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-445.NASL
    descriptionThe openSUSE Leap 42.1 kernel was updated to 4.1.20 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-1339: A memory leak in cuse could be used to exhaust kernel memory. (bsc#969356). - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936 951638). - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440). - CVE-2015-7884: The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel memory via a crafted application (bnc#951626). - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404). - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states
    last seen2020-06-05
    modified2016-04-13
    plugin id90482
    published2016-04-13
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90482
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2016-445)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-445.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90482);
      script_version("2.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2003-1604", "CVE-2015-1339", "CVE-2015-7799", "CVE-2015-7872", "CVE-2015-7884", "CVE-2015-8104", "CVE-2015-8709", "CVE-2015-8767", "CVE-2015-8785", "CVE-2015-8787", "CVE-2015-8812", "CVE-2016-0723", "CVE-2016-2069", "CVE-2016-2184", "CVE-2016-2383", "CVE-2016-2384");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2016-445)");
      script_summary(english:"Check for the openSUSE-2016-445 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 42.1 kernel was updated to 4.1.20 to receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
      - CVE-2015-1339: A memory leak in cuse could be used to
        exhaust kernel memory. (bsc#969356).
    
      - CVE-2015-7799: The slhc_init function in
        drivers/net/slip/slhc.c in the Linux kernel did not
        ensure that certain slot numbers are valid, which
        allowed local users to cause a denial of service (NULL
        pointer dereference and system crash) via a crafted
        PPPIOCSMAXCID ioctl call (bnc#949936 951638).
    
      - CVE-2015-7872: The key_gc_unused_keys function in
        security/keys/gc.c in the Linux kernel allowed local
        users to cause a denial of service (OOPS) via crafted
        keyctl commands (bnc#951440).
    
      - CVE-2015-7884: The vivid_fb_ioctl function in
        drivers/media/platform/vivid/vivid-osd.c in the Linux
        kernel did not initialize a certain structure member,
        which allowed local users to obtain sensitive
        information from kernel memory via a crafted application
        (bnc#951626).
    
      - CVE-2015-8104: The KVM subsystem in the Linux kernel
        allowed guest OS users to cause a denial of service
        (host OS panic or hang) by triggering many #DB (aka
        Debug) exceptions, related to svm.c (bnc#954404).
    
      - CVE-2015-8709: kernel/ptrace.c in the Linux kernel
        mishandled uid and gid mappings, which allowed local
        users to gain privileges by establishing a user
        namespace, waiting for a root process to enter that
        namespace with an unsafe uid or gid, and then using the
        ptrace system call. NOTE: the vendor states 'there is no
        kernel bug here (bnc#959709).
    
      - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux
        kernel did not properly manage the relationship between
        a lock and a socket, which allowed local users to cause
        a denial of service (deadlock) via a crafted sctp_accept
        call. (bsc#961509)
    
      - CVE-2015-8785: The fuse_fill_write_pages function in
        fs/fuse/file.c in the Linux kernel allowed local users
        to cause a denial of service (infinite loop) via a
        writev system call that triggers a zero length for the
        first segment of an iov (bnc#963765).
    
      - CVE-2015-8787: The nf_nat_redirect_ipv4 function in
        net/netfilter/nf_nat_redirect.c in the Linux kernel
        allowed remote attackers to cause a denial of service
        (NULL pointer dereference and system crash) or possibly
        have unspecified other impact by sending certain IPv4
        packets to an incompletely configured interface, a
        related issue to CVE-2003-1604 (bnc#963931).
    
      - CVE-2015-8812: A flaw was found in the CXGB3 kernel
        driver when the network was considered congested. The
        kernel would incorrectly misinterpret the congestion as
        an error condition and incorrectly free/clean up the
        skb. When the device would then send the skb's queued,
        these structures would be referenced and may panic the
        system or allow an attacker to escalate privileges in a
        use-after-free scenario. (bsc#966437).
    
      - CVE-2016-0723: Race condition in the tty_ioctl function
        in drivers/tty/tty_io.c in the Linux kernel allowed
        local users to obtain sensitive information from kernel
        memory or cause a denial of service (use-after-free and
        system crash) by making a TIOCGETD ioctl call during
        processing of a TIOCSETD ioctl call (bnc#961500).
    
      - CVE-2016-2069: When Linux invalidated a paging structure
        that is not in use locally, it could, in principle, race
        against another CPU that is switching to a process that
        uses the paging structure in question. (bsc#963767)
    
      - CVE-2016-2184: A malicious USB device could cause a
        kernel crash in the alsa usb-audio driver. (bsc#971125)
    
      - CVE-2016-2383: Incorrect branch fixups for eBPF allow
        arbitrary read of kernel memory. (bsc#966684)
    
      - CVE-2016-2384: A malicious USB device could cause a
        kernel crash in the alsa usb-audio driver. (bsc#966693)
    
    The following non-security bugs were fixed :
    
      - alsa: hda - Apply clock gate workaround to Skylake, too
        (bsc#966137).
    
      - alsa: hda - disable dynamic clock gating on Broxton
        before reset (bsc#966137).
    
      - alsa: hda - Fix playback noise with 24/32 bit sample
        size on BXT (bsc#966137).
    
      - alsa: seq: Fix double port list deletion (bsc#968018).
    
      - alsa: seq: Fix leak of pool buffer at concurrent writes
        (bsc#968018).
    
      - alsa: timer: Fix race between stop and interrupt
        (bsc#968018).
    
      - alsa: timer: Fix wrong instance passed to slave
        callbacks (bsc#968018).
    
      - arm64: Add workaround for Cavium erratum 27456.
    
      - arm64: Backport arm64 patches from SLE12-SP1-ARM
    
      - btrfs: teach backref walking about backrefs with
        underflowed (bsc#966259).
    
      - cgroup kabi fix for 4.1.19.
    
      - config: Disable CONFIG_DDR. CONFIG_DDR is selected
        automatically by drivers which need it.
    
      - config: Disable MFD_TPS65218 The TPS65218 is a power
        management IC for 32-bit ARM systems.
    
      - config: Modularize NF_REJECT_IPV4/V6 There is no reason
        why these helper modules should be built-in when the
        rest of netfilter is built as modules.
    
      - config: Update x86 config files: Enable Intel RAPL This
        driver is useful when power caping is needed. It was
        enabled in the SLE kernel 2 years ago.
    
      - Delete patches.fixes/bridge-module-get-put.patch. As
        discussed in
        http://lists.opensuse.org/opensuse-kernel/2015-11/msg000
        46.html
    
      - drm/i915: Fix double unref in intelfb_alloc failure path
        (boo#962866, boo#966179).
    
      - drm/i915: Fix failure paths around initial fbdev
        allocation (boo#962866, boo#966179).
    
      - drm/i915: Pin the ifbdev for the info->system_base GGTT
        mmapping (boo#962866, boo#966179).
    
      - e1000e: Avoid divide by zero error (bsc#965125).
    
      - e1000e: fix division by zero on jumbo MTUs (bsc#965125).
    
      - e1000e: fix systim issues (bsc#965125).
    
      - e1000e: Fix tight loop implementation of systime read
        algorithm (bsc#965125).
    
      - ibmvnic: Fix ibmvnic_capability struct.
    
      - intel: Disable Skylake support in intel_idle driver
        again (boo#969582) This turned out to bring a regression
        on some machines, unfortunately. It should be addressed
        in the upstream at first.
    
      - intel_idle: allow idle states to be freeze-mode specific
        (boo#969582).
    
      - intel_idle: Skylake Client Support (boo#969582).
    
      - intel_idle: Skylake Client Support - updated
        (boo#969582).
    
      - libceph: fix scatterlist last_piece calculation
        (bsc#963746).
    
      - lio: Add LIO clustered RBD backend (fate#318836)
    
      - net kabi fixes for 4.1.19.
    
      - numa patches updated to v15
    
      - ocfs2: fix dlmglue deadlock issue(bnc#962257)
    
      - pci: thunder: Add driver for ThunderX-pass(1,2) on-chip
        devices
    
      - pci: thunder: Add PCIe host driver for ThunderX
        processors
    
      - sd: Optimal I/O size is in bytes, not sectors
        (boo#961263).
    
      - sd: Reject optimal transfer length smaller than page
        size (boo#961263).
    
      - series.conf: move cxgb3 patch to network drivers section"
      );
      # http://lists.opensuse.org/opensuse-kernel/2015-11/msg00046.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-kernel/2015-11/msg00046.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=814440"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=884701"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=949936"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=951440"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=951542"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=951626"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=951638"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=953527"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=954018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=954404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=954405"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=954876"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958439"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958463"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958504"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=959709"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=960561"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=960563"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=960710"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=961263"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=961500"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=961509"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=962257"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=962866"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=962977"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=963746"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=963765"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=963767"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=963931"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=965125"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=966137"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=966179"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=966259"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=966437"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=966684"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=966693"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=969356"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=969582"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=970845"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=971125"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-base-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-base-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-debugsource-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-devel-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-devel-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-docs-html-4.1.20-11.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-docs-pdf-4.1.20-11.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-macros-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-obs-build-4.1.20-11.2") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-obs-build-debugsource-4.1.20-11.2") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-obs-qa-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-obs-qa-xen-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-source-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-source-vanilla-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-syms-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-base-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-base-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-debugsource-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-devel-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-devel-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-base-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-base-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-debugsource-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-devel-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-base-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-base-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-debugsource-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-devel-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-base-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-base-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-debugsource-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-devel-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-vanilla-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-vanilla-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-vanilla-debugsource-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-vanilla-devel-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-base-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-base-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-debugsource-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-devel-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-base-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-debugsource-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-devel-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-base-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-base-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-debugsource-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-devel-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-base-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-base-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-debugsource-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-devel-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-base-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-base-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-debugsource-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-devel-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-vanilla-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-vanilla-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-vanilla-debugsource-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-vanilla-devel-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-base-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-debuginfo-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-debugsource-4.1.20-11.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-devel-4.1.20-11.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc");
    }